summaryrefslogtreecommitdiffhomepage
path: root/runsc/boot
diff options
context:
space:
mode:
authorFabricio Voznika <fvoznika@google.com>2021-06-03 20:05:33 -0700
committergVisor bot <gvisor-bot@google.com>2021-06-03 20:07:55 -0700
commit86cf56eb71215e24fec49272d915f80c9c569c05 (patch)
treeaf274931af707e90855a1659496a76b8353a1ea7 /runsc/boot
parentb3c608ef8593bad15f9560899febe3ab1e654a73 (diff)
Add additional mmap seccomp rule
HostFileMapper.RegenerateMappings calls mmap with MAP_SHARED|MAP_FIXED and these were not allowed. Closes #6116 PiperOrigin-RevId: 377428463
Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/filter/config.go6
1 files changed, 6 insertions, 0 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 49b503f99..905747954 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -200,6 +200,12 @@ var allowedSyscalls = seccomp.SyscallRules{
seccomp.MatchAny{},
seccomp.MatchAny{},
seccomp.MatchAny{},
+ seccomp.EqualTo(unix.MAP_SHARED | unix.MAP_FIXED),
+ },
+ {
+ seccomp.MatchAny{},
+ seccomp.MatchAny{},
+ seccomp.MatchAny{},
seccomp.EqualTo(unix.MAP_PRIVATE),
},
{